When a NULL scan is sent to a port on a UNIX-based system:
If the port is OPEN: The system does not respond at all.
If the port is CLOSED: The system responds with a RST packet.
This behavior is based on how the TCP stack processes unexpected packets.
From CEH v13 Courseware:
Module 3: Scanning Networks
Topic: Stealth Scanning Techniques → NULL Scan
CEH v13 Official Guide states:
“A NULL scan sends a TCP packet with no flags set. On systems following RFC 793 (like many Unix/Linux), open ports silently drop such packets (no response), while closed ports respond with a TCP RST.”
Incorrect Options:
[Reference:CEH v13 Study Guide – Module 3: Scanning Networks → NULL Scan BehaviorRFC 793 – TCP State Machine, ==================================================================, ]
Submit